1. Field of the Invention
The present invention relates to secure storage and positive authentication of data communications and transactions, particularly those taking place between parties across an information technology communications network, such as the Internet.
2. State of the Art
There are many circumstances in which it may be required to generate and store securely an audit trail of data transactions taking place over a period of time within, for example, an organisation and/or between such an organisation and other parties. Such an audit trail is only really useful if its accuracy can be verified/authenticated at a later date and, although some prior art arrangements exist which attempt to achieve this, they are not able to provide sufficient verification/authentication for some purposes. With such prior art arrangements, there is always an element of doubt because undetected compromise of stored data is still possible.
Further, as remote communications and transactions between parties across an information technology communications network increase, there is an increasing need to provide some form of proof of receipt by the intended recipient of such communications. Prior art protocols exist which enable the sender of a communication, such as an e-mail message, to determine that the communication has been delivered to a specified address and even that the message has been accessed or “read”. However, such determination does not prove that the communication has necessarily been received by the correct recipient, nor does it provide any safeguard to enable any compromise of the communication or the intended communication path to be detected.
Still further, it is highly desirable, and in some circumstances essential, for a party to reliably authenticate a party with whom they wish to communicate and also to detect, substantially immediately, the compromise of a user identifier and to prevent any further transactions using that user identifier. Current arrangements rely on the valid user of an identifier to determine that the identifier has been compromised and inform a relevant monitoring body accordingly, so that the identifier can be cancelled and further transactions using that identifier prevented, which can sometimes not occur until many weeks after the compromise has taken place, during which time many unauthorised transactions using the compromised identifier may have been performed.